CVE-2015-1843: Input Validation
First published: Fri Mar 27 2015(Updated: )
A regression of <a href="https://access.redhat.com/security/cve/CVE-2014-5277">CVE-2014-5277</a> was found in the current version of the docker client on RHEL 7.1 (Docker version 1.4.1-dev, build d26b358/1.4.1). Acknowledgements: Red Hat would like to thank Eric Windisch of Docker Inc. for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/docker | <1.5.0-28.el7_1 | 1.5.0-28.el7_1 |
| Docker | <=1.5.0-27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2014-5277
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206447
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c5
- https://miminarnb.virbr0:5004/v0/
- https://miminarnb.virbr0:5004/v2/
- https://miminarnb.virbr0:5004/v1/_ping
- https://github.com/docker/docker/blob/master/registry/config.go#L93
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c21
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c25
- https://registry.access.redhat.com
- http://pastebin.test.redhat.com/273954
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206443#c31
- http://registry.access.redhat.com
- https://rhn.redhat.com/errata/RHSA-2015-0776.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1206443
- http://rhn.redhat.com/errata/RHSA-2015-0776.html
- http://www.securityfocus.com/bid/73936
Frequently Asked Questions
What is the severity of CVE-2015-1843?
CVE-2015-1843 is considered a moderate severity vulnerability affecting Docker clients on RHEL 7.1.
How do I fix CVE-2015-1843?
To fix CVE-2015-1843, you should upgrade your Docker package to version 1.5.0-28.el7_1 or later.
What versions of Docker are affected by CVE-2015-1843?
CVE-2015-1843 affects Docker version up to 1.5.0-27 on Red Hat Enterprise Linux 7.1.
Is CVE-2015-1843 a regression vulnerability?
Yes, CVE-2015-1843 is a regression of CVE-2014-5277 in the Docker client.
Who reported CVE-2015-1843?
CVE-2015-1843 was reported by Eric Windisch of Docker Inc.
- collector/redhat-bugzilla
- alias/CVE-2015-1843
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- agent/references
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/docker
- version/docker/1.5.0-27